Charles River Web is an application service developer that employs
industry-standard controls for data privacy and security.
I. Security
1. Physical Security
- Our applications are hosted with a leading hosting firm dedicated to
state-of-the-art data center security, featuring controlled access,
FM2000 fire suppression, security monitoring and 24x7 patrol.
- Our offices, where we do basic development, are in a secured office
building in Somerville, Massachusetts. Building doors are automatically
locked at night and on weekends, and our Subversion repository is in a
secured data closet. No data or code is stored on developers'
workstations. No confidential customer data is stored on site.
2. Transmission Security / Encryption
- Secure protocols (SSH2, SSL) are used when connecting to the host
servers for coding or file transfers. Development servers are password
protected.
3. Software Patches, Versions
- Our applications run on stable builds of Apache, PHP, and MySQL.
Security patches are applied regularly. No experimental or untested
software is allowed on any of our production environments.
4. Password Policy
- Passwords are required to be a combination of letters and numbers not
including any dictionary words. Secure passwords are never entered into
non-secure protocols (i.e., FTP) or public terminals. Passwords are
provided to employees on a need-to-know basis and are never written
down. All passwords are changed periodically, as well as after an
employee with access to them is terminated.
II. Privacy
Charles River Web does not collect customer information for its own
purposes. Our client-specific applications will collect customer
information consistent with the client's needs. All confidential
information is captured through SSL-enabled forms.